Most Lawfare readers will be familiar with Kaspersky Labs, the Russian cybersecurity firm. Many American cyberspecurity experts (including Rick Ledgett, Nicholas Weaver, and me) have been skeptical about the firm, suspecting that its connections to the Russian government were not wholly benign. We were not alone in that concern: eventually the U.S. government ordered that Kaspersky products be removed from federal systems, an order that Kaspersky challenged in court, and which was upheld by the U.S. Court of Appeals for the D.C. Circuit (at least in part because Congress confirmed that judgment in a provision of the National Defense Authorization Act).
Given all the negative judgments about Kaspersky, it is only fair to present the other side. As reported by the Washington Post, it appears that a tip from Kaspersky led federal authorities to arrest Harold Martin in connection with the largest theft of classified data in NSA history. Here's the opening of the article:
The National Security Agency discovered what has been called the largest breach of classified data in its history in 2016 after getting a tip from a Russian cybersecurity firm that the U.S. government has banned from its networks as a spy threat, according to people familiar with the matter. Federal prosecutors in August 2016 arrested a former NSA contractor, Harold T. Martin III, accusing him of taking home without permission at least 50 terabytes of data — the rough equivalent of 500 million pages of material — that included highly sensitive hacking tools.
To be honest, I don't think that will change my personal judgment. As a matter of risk mitigation, it still makes little sense to use Kaspersky products when other equally effective products are on the market. But fairness dictates that a complete record be kept and, in this case, that Kaspersky be commended for its assistance to the U.S. government.
UPDATE: In the interest in giving reporting credit where it is due, it has since been called to my attention that the Post report noted above builds on a story that was first broken by Kim Zetter, and which, in turn builds on earlier reporting by Josh Gerstein, both of Politico. My thanks to those who called this to my attention -- in an information rich world, we only know what we know.